The AWS::Cognito::UserPoolResourceServer resource creates a new OAuth 2.0 resource server and defines custom scopes in it.
Note
If you don't specify a value for a parameter, Amazon Cognito sets it to a default value.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "Type" : "AWS::Cognito::UserPoolResourceServer",
  "Properties" : {
      "Identifier" : String,
      "Name" : String,
      "Scopes" : [ ResourceServerScopeType, ... ],
      "UserPoolId" : String
    }
}
YAML
Type: AWS::Cognito::UserPoolResourceServer
Properties:
  Identifier: String
  Name: String
  Scopes:
    - ResourceServerScopeType
  UserPoolId: String
Properties
Identifier
A unique resource server identifier for the resource server. The identifier can be an API friendly name like solar-system-data. You can also set an API URL like https://solar-system-data-api.example.com as your identifier.
Amazon Cognito represents scopes in the access token in the format $resource-server-identifier/$scope. Longer scope-identifier strings increase the size of your access tokens.
Required: Yes
Type: String
Pattern: [\x21\x23-\x5B\x5D-\x7E]+
Minimum: 1
Maximum: 256
Update requires: Replacement
Name
A friendly name for the resource server.
Required: Yes
Type: String
Pattern: [\w\s+=,.@-]+
Minimum: 1
Maximum: 256
Update requires: No interruption
Scopes
A list of scopes. Each scope is a map with keys ScopeName and ScopeDescription.
Required: No
Type: Array of ResourceServerScopeType
Maximum: 100
Update requires: No interruption
UserPoolId
The ID of the user pool where you want to create a resource server.
Required: Yes
Type: String
Pattern: [\w-]+_[0-9a-zA-Z]+
Minimum: 1
Maximum: 55
Update requires: Replacement
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns physicalResourceId, which is the resource server identifier "Identifier". For example:
{ "Ref": "yourResourceServerIdentifier" }
For the Amazon Cognito resource server yourResourceServerIdentifier, Ref returns the name of the resource server.
For more information about using the Ref function, see Ref.
Examples
Creating a new resource server for a user pool
The following example creates a resource server "Name" with the identifier "Identifier" in the referenced user pool.
JSON
{
  "UserPoolResourceServer": {
    "Type": "AWS::Cognito::UserPoolResourceServer",
    "Properties": {
      "UserPoolId": {
        "Ref": "UserPool"
      },
      "Identifier": "Identifier",
      "Name": "Name",
      "Scopes": [{
        "ScopeName": "ScopeName1",
        "ScopeDescription": "description"
      }, {
        "ScopeName": "ScopeName2",
        "ScopeDescription": "description"
      }]
    }
  }
}
YAML
UserPoolResourceServer:
  Type: AWS::Cognito::UserPoolResourceServer
  Properties:
    UserPoolId: !Ref UserPool
    Identifier: "Identifier"
    Name: "Name"
    Scopes:
      - ScopeName: "ScopeName1"
        ScopeDescription: "description"
      - ScopeName: "ScopeName2"
        ScopeDescription: "description"
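Pre-deployment check built from the constraints listed under Properties, as an added example that is not AWS code: it validates a resolved Properties map, lists the scope strings in the $resource-server-identifier/$scope format used in access tokens, and reports which changed properties carry "Update requires: Replacement". The function names, the sample values and the decision to skip unresolved intrinsics such as Ref are assumptions.

```python
import re

# Constraints copied from the Properties section of this page:
# property -> (pattern, maximum length, "Update requires" value)
RULES = {
    "Identifier": (r"[\x21\x23-\x5B\x5D-\x7E]+", 256, "Replacement"),
    "Name": (r"[\w\s+=,.@-]+", 256, "No interruption"),
    "UserPoolId": (r"[\w-]+_[0-9a-zA-Z]+", 55, "Replacement"),
}
MAX_SCOPES = 100

# Constructed sample input (not a real user pool), values already resolved.
SAMPLE = {
    "UserPoolId": "us-east-1_EXAMPLE12",
    "Identifier": "https://solar-system-data-api.example.com",
    "Name": "Solar system data",
    "Scopes": [{"ScopeName": "planets.read", "ScopeDescription": "description"}],
}


def validate(props):
    """Return a list of constraint violations for one Properties map."""
    errors = []
    for key, (pattern, max_len, _) in RULES.items():
        value = props.get(key)
        if value is None:
            errors.append(f"{key}: required")
        elif not isinstance(value, str):
            continue  # assumption: unresolved intrinsic such as {"Ref": "UserPool"}
        elif not 1 <= len(value) <= max_len:
            errors.append(f"{key}: length {len(value)} outside 1..{max_len}")
        elif not re.fullmatch(pattern, value):
            errors.append(f"{key}: does not match {pattern}")
    scopes = props.get("Scopes", [])
    if len(scopes) > MAX_SCOPES:
        errors.append(f"Scopes: {len(scopes)} entries, maximum is {MAX_SCOPES}")
    return errors


def token_scopes(props):
    """Scope strings in the access-token format: identifier/scope."""
    return [f'{props["Identifier"]}/{s["ScopeName"]}' for s in props.get("Scopes", [])]


def replacement_keys(old, new):
    """Changed properties whose update behaviour on this page is Replacement."""
    return [k for k, (_, _, update) in RULES.items()
            if update == "Replacement" and old.get(k) != new.get(k)]
```

The Identifier pattern excludes the space, double quote and backslash characters, so values containing them are rejected before the template reaches CloudFormation.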